WHAT IS CLAIMED IS: 



1 . A method for directing data packets to network applications, the method comprising; 
receiving a first data packet via a first network interface, the first data packet containing a 

first data packet service address; 

identifying a first network application of a plurality of network applications based at least in 
part on the first network interface and the first data packet service address, the plurality of 
network applications including a second network application, the first network 
application being different firom the second network application; and 

sending at least a portion of the first data packet to the first network application. 

2. The method of claim 1, wherein sending at least a portion of the first data packet to the 
first network appHcation includes sending at least a portion of the first data packet to the first 
network application via a second network interface, the second network interface being different 
from the first network interface. 

3 . The method of claim 1 , the method further comprising: 

receiving a second data packet via the first network interface, the second data packet 

containing a second data packet service address; 
identifying the second network application of the plurality of network applications based at 

least in part on the first network interface and the second data packet service address; and 
sending at least a portion of the second data packet to the second network application. 

4. The method of claim 1, wherein the first network application is a first version of a 
particular network application and the second network application is a second version of a 
particular network application. 
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5. The method of claim 4, wherein the first version of the particular network application is 
firom a first vendor, the second version of the particular network application is fi^om a second 
vendor, and the first vendor is different firom the second vendor. 

6. The method of claim 4, wherein the particular network application is selected from the 
group consisting of an intrusion detection appUcation, a virus detection appHcation, a firewall 
appUcation, a web switch, a network security application, and a load balancing application, 

7. The method of claim 1 , wherein; 

the first data packet includes a first data packet service port identifier; and 
identifying a first network application of a plurality of network applications based at least in 
part on the first network interface and the first data packet service address includes 
identifying a first network application of a plurality of network appHcations based at least 
in part on the first network interface, the first data packet service address, and the first 
data packet service port identifier. 

8. The method of claim 1 , wherein: 

the first network application is selected firom the group consisting of an intrusion detection 
appHcation, a virus detection application, a firewall application, a web switch, a network 
security application, and a load balancing application; and 

the second network application is a different network appKcation selected fi-om the group 
consisting of an intrusion detection appHcation, a virus detection application, a load 
balancing application, a virtual private network application, a firewall application, a web 
switch, a network security application, a proxy application, and a database application. 

9. The method of claim 1 , the method further comprising: 
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receiving a first data packet via a first network interface includes determining a first data 
packet received network interface identifier based at least in part on receiving the first 
data packet via the first network interface; and 

identifying a first network application of a plurality of network applications based at least in 
part on the first network interface includes identifying the first network application of the 
plurality of network applications based at least in part on the first data packet received 
network interface identifier. 

1 0. A method for directing units of data to network applications, the method comprising: 
receiving a first unit of data, the first unit of data including a first service address and a first 

service port identifier; 

identifying a first network application of a plurality of network appUcations based at least in 
part on the first service address and the first service port identifier, the plurality of 
network applications including a second network application, the first network 
application being different fi-om the second network appUcation; and 

sending at least a portion of the first unit of data to the first network application. 

1 1 . The method of claim 1 0, wherein: 

receiving a first unit of data includes receiving the first unit of data via a first network 
interface; and 

identifying a first network application of a plurality of network applications based at least in 
part on the first service address and the first service port identifier includes identifying 
the first network appUcation of the plurality of network applications based at least in part 
on the first service address, the first service port identifier, and the first network interface. 
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12. The method of claim 10, wherein: 
receiving a first unit of data includes 

receiving the first unit of data via a first network interface, and 
determining a first unit of data received network interface identifier based at least 
in part on receiving the first unit of data via the first network interface; and 
identifying a first network application of a plurality of network applications based at least in 
part on the first service address and the first service port identifier includes identifying 
the first network application of the plurality of network applications based at least in part 
on the fu-st service address, the first service port identifier, and the first unit of data 
received network interface identifier. 

13^ The metiiod of claim 10, wherein the first network application is a first implementation of 
a particular network application and the second network application is a second implementation 
of a particular network application. 

14. The method of claim 13, wherein the particular network application is selected fi-om the 
group consisting of an intrusion detection application, a virus detection application, a load 
balancing application, a virtual private network application, a firewall application, a web switch, 
a network security application, a proxy application, and a database appHcation. 

15, The method of claim 10, wherein identifying a first network application of a plurality of 
network applications based at least in part on the first service address and the first service port 
identifier includes: 

accessing a database, the database including a plurality of records, each of at least a subset of 
the plurality of records including 
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a service address field to store a service address, and 

a plurality of packet direction entries, each of at least a subset of the plurality of 
packet direction entries corresponding to a network application of the plurality 
of network applications, each of at least the subset of the plurality of packet 
direction entries containing a service port identifier field to store a service port 
identifier; 

identifying a record of the at least a subset of the plurality of records based at least m part on 

the first service address; and 
identifying a packet direction entry of the identified record based at least in part on the first 

service port identifier, the identified packet direction entry corresponding to the first 

network application. 

16. The method of claim 15, wherein: 

identifying a record of the at least a subset of the plurality of records based at least in part on 

the first service address includes identifying a record containing a service address 

corresponding to the first service address; and 
identifying a packet direction entry of the identified record based at least in part on the first 

service port identifier includes identifying a packet direction entry containing a service 

port identifier corresponding to the first service port identifier* 

17. The method of claim 15, wherein: 
receiving a first unit of data includes 

receiving the first unit of data via a first network interface, and 
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determining a &st unit of data received via network interface identifier based at 
least in part on receiving the first unit of data via the first network interface; 
and 

identifying a first network appUcation of a plurality of network applications based at least in 
part on the first service address and the first service port identifier includes identifying 
the first network application based at least in part on the first service address, the first 
service port identifier, and the first unit of data received via network interface identifier. 

18. The method of claim 17, wherein identifying the first network application based at least 
in part on the first service address, the first service port identifier, and the first unit of data 
received via network interface identifier includes: 

each of at least the subset of the plurality of packet direction entries containing a unit of data 

received via network interface identifier field to store a unit of data received via network 

interface identifier; and 
identifying the packet direction entry of the identified record based at least in part on the first 

unit of data received via interface identifier, the identified packet direction entry 

corresponding to the first network application. 

19. The method of claim 18, wherein each of at least the subset of the plurality of packet 
direction entries includes a send via network interface field to store a send via network interface 
identifier. 

20. The method of claim 18, wherein each of at least the subset of the plurality of packet 
direction entries includes a source address field to store a source address. 
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21 . The method of claim 1 8, wherein each of at least the subset of the pluraUty of packet 
direction entries includes a destination logical address field to store a destination logical address. 

22. The method of claim 18, wherein each of at least the subset of the plurality of packet 
direction entries includes a network application send address field to store a network application 
send address. 

23. The method of claim 22, wherein the network appUcation send address field to store a 
network application send address is a network application physical address field to store a 
network application physical address. 

24. The method of claim 23, wherein the network application physical address field to store a 
network appUcation physical address is a network application media access controller address 
field to store a media access controller address. 

25. The method of claim 22, wherein the network application send address field to store a 
network application send address is a network application send logical address field to store a 
network application send logical address, 

26. The method of claim 10, the method fiirther comprising: 

receiving a second unit of data, the second unit of data including a second service address 

and a second service port identifier; 
identifying the second network apphcation of a pluraUty of network appUcations based at 

least in part on the second service address and the second service port identifier; and 
sending at least a portion of the second unit of data to the second network application. 

27. The method of claim 26, wherein: 
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sending at least a portion of the first unit of data to the first network application includes 
sending at least a portion of the first unit of data to the first network application via a 
second network interface, the second network interface being different fi-om the first 
network interface; and 

sending at least a portion of the second unit of data to the second network application 
includes sending at least a portion of the second unit of data to the second network 
application via the second network interface. 

28. A system for directing a data packet to a network application, the system comprising: 
a first network interface to receive a data packet, the data packet including a data packet 
service address; 

packet direction logic, the packet direction logic coupled to the first network interface, the 
packet direction logic including a plurality of service definition records, each of at least a 
subset of the plurality of service definition records including 
a service address field to store a service address, 

a plurality of packet direction entries, each of at least a subset of the plurality of 
packet direction entries corresponding to a network application, the plurality 
of packet direction entries including a first packet direction entry and a second 
packet direction entry, the first packet direction entry corresponding to a first 
network application, the second packet direction entry corresponding to a 
second network application, the first network appUcation being different fi-om 
the second network application, and 
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each of at least the subset of the plurality of packet direction entries including a 
received via network int^ace field to store a received via network interface 
identifier; and 

a second network interface to send at least a portion of the data packet to the first network 
application, the second network interface coupled to the packet direction logic, the 
second network interface being different firom the first network interface. 

29. The system of claim 28, wherein the first network application is a first version of a 
particular network application and the second network application is a second version of a 
particular network application. 

30. The system of claim 29, wherein the particular network application is selected firom the 
group consisting of an intrusion detection application, a virus detection application, a firewall 
application, a web switch, a network security application, and a load balancing appUcation. 

3 1 . The system of claim 28, wherein: 

the first network application is selected from the group consisting of an intrusion detection 
application, a virus detection apphcation, a firewall application, a web switch, a network 
security application, and a load balancing appUcation; and 

the second network application is a different network application selected from the group 
consisting of an intrusion detection appUcation, a virus detection appUcation, a load 
balancing application, a virtual private network appUcation, a firewaU application, a web 
switch, a network security application, a proxy appUcation, and a database application. 

32. The system of claim 28, wherein: 

the data packet includes a data packet service port identifier; and 
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each of at least the subset of the plurality of packet direction entries includes a service port 
identifier field to store a service port identifier. 

33. The system of claim 28, wherein each of at least the subset of the pluraHty of packet 
direction entries includes a send via netv^ork interface field to store a send via network interface 
identifier. 

34. The system of claim 28, wherein each of at least the subset of the plurality of packet 
direction entries includes a source address field to store a source address. 

35. The system of claim 28, wherein each of at least the subset of the plurality of packet 
direction entries includes a destination logical address field to store a destination logical address. 

36. The system of claim 28, wherein each of at least the subset of the plurality of packet 
direction entries includes a network appHcation send address field to store a network application 
send address. 

37. The system of claim 36, wherein the network appUcation send address field to store a 
network apphcation send address is a network application physical address field to store a 
network application physical address. 

38. The system of claim 37, wherein the network application physical address field to store a 
network application physical address is a network application media access controller address 
field to store a media access controller address. 
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39. The system of claim 36, wherein the network application send address field to store a 
network application send address is a network application send logical address field to store a 
network application send logical address. 

40. The system of claim 28, wherein: 

the data packet contains a data packet service port identifier; and 
each of at least a subset of the plurality of packet direction entries includes 
a service port identifier field to store a service port identifier, 
a send via network interface field to store a send via network interface identifier, 
a source address field to store a source address, 

a destination logical address field to store a destination logical address, and 
a network application send address field to store a network application send 
address. 

41. The system of claim 28, wherein the data packet uses one or more protocols fi-om one of 
a TCP/IP network protocol suite and a UDP/IP network protocol suite. 

42. The system of claim 41, wherein the one or more protocols includes an IPv4 network 
protocol. 

43. The system of claim 41, wherein the one or more protocols includes an IPv6 network 
protocol. 

44. The system of claim 28, wherein the data packet uses one or more of a layer 2 protocol, a 
layer 3 protocol, and a layer 4 protocol 
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45. The system of claim 44, wherein the layer 2 protocol is selected from the group 
consisting of ATM and frame relay 

46. The system of claim 44, wherein the layer 3 protocol is MPLS. 

47. The system of claim 28, wherein the packet direction logic lacks information that 
supports stateftil processing. 

48. The system of claim 28, wherein the packet direction logic includes information that 
supports stateftil processing. 

49. The system of claim 28, wherein the packet direction logic consists essentially of 
information that supports stateless processing. 

50. A system for directing a data packet, the system comprising: 

means for receiving the data packet, the data packet including a data packet service address 
and a data packet service port identifier; 

means for identifying a first network application of a plurality of network applications based 
at least in part on the data packet service address and the data packet service port 
identifier, the plurality of network applications including at least the first network 
application and a second network application, the first network application being 
different from the second network application; and 

means for sending at least a portion of the data packet to the first network application. 

51. The system of claim 50, wherein: 

the means for receiving a data packet includes means for receiving a data packet via a first 
network interface; 
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the means for identifying a first network application of a plurality of network applications 
based at least in part on the data packet service address and the data packet service port 
identifier includes means for identifying the first network application of the plurality of 
network applications based at least in part on the data packet service address, the data 
packet service port identifier, and receiving the data packet via the first network interface; 
and 

the means for sending at least a portion of the data packet to the first network application 
includes means for sending at least a portion of the data packet to the first network 
application via a second network interface, the second network interface being different 
firom the first network interface. 

52. The system of claim 50, wherein: 

the means for receiving a data packet includes 

means for receiving the data packet via a first network interface, and 
means for determining a data packet received network interface identifier based at 
least in part on receiving the data packet via the first network interface; and 
the means for identifying a first network application of a plurality of network applications 
based at least in part on the data packet service address and the data packet service port 
identifier includes means for identifying the first network application of the plurality of 
network appUcations based at least in part on the data packet service address, the data 
packet service port identifier, and the data packet received network interface identifier. 

53. The system of claim 50, wherein the first network appHcation is a first implementation of 
a particular network application and the second network application is a second implementation 
of a particular network application. 
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54. The system of claim 53, wherein the particular network application is selected from the 
group consisting of an intrusion detection application, a virus detection application, a load 
balancing application, a virtual private network application, a firewall application, a web switch, 
a network security application, a proxy application, and a database application. 

55. A process for directing a data packet, the process comprising: 

a step for receiving the data packet, the data packet including a data packet service address 
and a data packet service port identifier; 

a step for identifying a furst network appKcation of a plurality of network applications based 
at least in part on the data packet service address and the data packet service port 
identifier, the plurality of network applications including at least the first network 
application and a second network appUcation, the first network application being 
different from the second network application; and 

a step for sending at least a portion of the data packet to the first network application. 

56. The process of claim 55, wherein: 

the step for receiving a data packet includes a step for receiving the data packet via a first 
network interface; 

the step for identifying a first network application of a plurality of network applications 
based at least in part on the data packet service address and the data packet service port 
identifier includes a step for identifying the first network application of the plurality of 
network applications based at least in part on the data packet service address, the data 
packet service port identifier, and receiving the data packet via the first network interface; 
and 



92 



SNI-IOIE 



the step for sending at least a portion of the data packet to the first network application 
includes a step for sending at least a portion of the data packet to the first network 
application via a second network interface, the second network interface being different 
fi-om the first network interface. 

57. The process of claim 55, wherein: 

the step for receiving a data packet includes 

a step for receiving the data packet via a furst network interface, and 
a step for determining a data packet received network interface identifier based at 
least in part on receiving the data packet via the first network interface; and 
the step for identifying a first network application of a pluraUty of network appKcations 
based at least in part on the data packet service address and the data packet service port 
identifier includes a step for identifying the first network application of the plurality of 
network applications based at least in part on the data packet service address, the data 
packet service port identifier, and the data packet received network interface identifier. 

58. The process of claim 55, wherein the first network application is a first version of a 
particular network application and the second network application is a second version of a 
particular network application. 

59. The process of claim 58, wherein the particular network application is selected fi-om the 
group consisting of an intrusion detection application, a virus detection application, a load 
balancing application, a virtual private network application, a firewall application, a web switch, 
a network security application, a proxy application, and a database apphcation. 
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60. A computer-readable medium storing a plurality of instructions to be executed by a 
processor for directing a packet, the plurality of instructions comprising instructions to: 

receive a data packet, the data packet including a data packet service address and a data 
packet service port identifier; 

identify a first network application of a pluraUty of network appKcations based at least in part 
on the data packet service address and the data packet service port identifier, the plurality 
of network appUcations including at least the first network application and a second 
network appUcation, the first network appKcation being different firom the second 
network application; and 

send at least a portion of the data packet to the first network application. 

6L The computer-readable medium of claim 60, wherein: 

the instructions to receive a data packet include instructions to receive the data packet via a 
first network interface; 

the instructions to identify a first network application of a pliirahty of network applications 
based at least in part on the data packet service address and the data packet service port 
identifier include instructions to identify the first network appUcation of the plurality of 
network applications based at least in part on the data packet service address, the data 
packet service port identifier, and receiving the data packet via the first network interface; 
and 

the instructions to send at least a portion of the data packet to the first network application 
include instructions to send at least a portion of the data packet to the first network 
appHcation via a second network interface, the second network interface being different 
fi"om the first network interface. 
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62. The computer-readable medium of claim 60, wherein: 
the instructions to receive a data packet include instructions to 

receive the data packet via a first network interface, and 
determine a data packet received network interface identifier based at least in part 
on receiving the data packet via the first network interface; and 
the instructions to identify a first network application of a plurality of network applications 
based at least in part on the data packet service address and the data packet service port 
identifier include instructions to identify the first network application of the plurality of 
network appUcations based at least in part on the data packet service address, the data 
packet service port identifier, and the data packet received network interface identifier. 

63. The computer-readable medium of claim 60, wherein the first network application is a 
first implementation of a particular network application and the second network appUcation is a 
second implementation of a particular network application. 

64. The computer-readable medium of claim 63, wherein the particular network appUcation 
is selected fi-om the group consisting of an intrusion detection application, a virus detection 
application, a load balancing application, a virtual private network appHcation, a firewall 
application, a web switch, a network security application, a proxy appUcation, and a database 
application. 
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